<?php
    session_start();
    //require section
    require_once dirname(dirname(dirname(__FILE__))) . '/shared/config/config.php';

    $booking_id = $_POST['transaction_id'];
    
// Validate the Moneybookers signature
$concatFields = $_POST['merchant_id']
    .$_POST['transaction_id']
    .strtoupper(md5('movie'))
    .$_POST['mb_amount']
    .$_POST['mb_currency']
    .$_POST['status'];

$MBEmail = api_config::get_skrill_email();

// Ensure the signature is valid, the status code == 2,
// and that the money is going to you
if (strtoupper(md5($concatFields)) === $_POST['md5sig']
    && $_POST['status'] == 2
    && $_POST['pay_to_email'] === $MBEmail)
{
    
//    api_config::set_easypaisa_detail("concat:" . md5($concatFields) . ", md5sig:" . $_POST['md5sig'] 
//        . ", status:" . $_POST['status'] . ", pay_to_email" . $_POST['pay_to_email']
//        . ", MBE:" . $MBEmail);
    // Valid transaction.

    //TODO: generate the product keys and
    //      send them to your customer.
    //      
    
    api_booking::update_paid($booking_id);
    $booking = api_booking::get_booking_by_id($booking_id);
    $user_email = api_booking::get_user_email_from_booking_id($booking_id);
    // send mail to user cinema
    $email_sent_to   = api_tickets::get_user_cinema_email($booking['ticket_id']);
    $message         = "A client (email: ".$user_email.") have booked. \n"
                     . "Booking ID: ".$booking_id." \n"
                     . "This is booking code: ".$booking['generated_code']." \n";
    mail($email_sent_to, "Client booking successfully and paid by Skrill.", $message);
    
    // send mail to client
    $email_sent_to   = $user_email;
    $message         = "This is your booking code: ".$booking['generated_code']." \n"
                     . "Remember your code when you come cinema, have fun. \n";
    mail($email_sent_to, "Congratulations, Booking successfully!", $message);
}
else
{
    // Invalid transaction. Bail out
    api_booking::delete_booking($booking_id);
    exit;
}